Medium severity5.0NVD Advisory· Published Sep 1, 2025· Updated Apr 29, 2026
CVE-2025-9799
CVE-2025-9799
Description
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versions
< 2.95.12-r2+ 1 more
- (no CPE)range: < 2.95.12-r2
- (no CPE)range: < 2.95.12-r2
Patches
Vulnerability mechanics
References
5- github.com/langfuse/langfuse/issues/8522nvdExploitIssue Tracking
- github.com/langfuse/langfuse/issues/8522nvdExploitIssue Tracking
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.